U.S. patent number 10,902,327 [Application Number 14/470,812] was granted by the patent office on 2021-01-26 for system and method for device identification and uniqueness.
This patent grant is currently assigned to The 41st Parameter, Inc.. The grantee listed for this patent is The 41st Parameter, Inc.. Invention is credited to Ernest Mugambi, Raz Yalov.
![](/patent/grant/10902327/US10902327-20210126-D00000.png)
![](/patent/grant/10902327/US10902327-20210126-D00001.png)
![](/patent/grant/10902327/US10902327-20210126-D00002.png)
![](/patent/grant/10902327/US10902327-20210126-D00003.png)
![](/patent/grant/10902327/US10902327-20210126-D00004.png)
![](/patent/grant/10902327/US10902327-20210126-D00005.png)
![](/patent/grant/10902327/US10902327-20210126-D00006.png)
![](/patent/grant/10902327/US10902327-20210126-D00007.png)
![](/patent/grant/10902327/US10902327-20210126-D00008.png)
![](/patent/grant/10902327/US10902327-20210126-D00009.png)
United States Patent |
10,902,327 |
Yalov , et al. |
January 26, 2021 |
System and method for device identification and uniqueness
Abstract
Systems and methods for determining uniqueness of device
identifiers are provided are provided. The uniqueness of a device
identifier may be indicated by a device quality score or grade that
is calculated based on a plurality of parameters associated with a
device identifier as well as evaluation rules derived based on
historical data. The plurality of parameters may be associated with
a network event or transaction associated with the device
identifier. The evaluation rules may be derived using machine
learning techniques. Based on uniqueness of a device identifier, a
suitable action or measure may be taken.
Inventors: |
Yalov; Raz (Scottsdale, AZ),
Mugambi; Ernest (San Jose, CA) |
Applicant: |
Name |
City |
State |
Country |
Type |
The 41st Parameter, Inc. |
Scottsdale |
AZ |
US |
|
|
Assignee: |
The 41st Parameter, Inc.
(Scottsdale, AZ)
|
Appl.
No.: |
14/470,812 |
Filed: |
August 27, 2014 |
Related U.S. Patent Documents
|
|
|
|
|
|
|
Application
Number |
Filing Date |
Patent Number |
Issue Date |
|
|
61872287 |
Aug 30, 2013 |
|
|
|
|
Current U.S.
Class: |
1/1 |
Current CPC
Class: |
G06N
5/025 (20130101); G06N 20/00 (20190101) |
Current International
Class: |
G06N
5/02 (20060101); G06N 20/00 (20190101) |
Field of
Search: |
;706/47 |
References Cited
[Referenced By]
U.S. Patent Documents
Foreign Patent Documents
|
|
|
|
|
|
|
0 418 144 |
|
Mar 1991 |
|
EP |
|
0 645 692 |
|
Mar 1995 |
|
EP |
|
0 923 039 |
|
Jun 1999 |
|
EP |
|
1 067 792 |
|
Jan 2001 |
|
EP |
|
1 209 935 |
|
May 2002 |
|
EP |
|
1 256 911 |
|
Nov 2002 |
|
EP |
|
1 201 070 |
|
Jun 2006 |
|
EP |
|
1 703 382 |
|
Sep 2006 |
|
EP |
|
1 197 032 |
|
Aug 2007 |
|
EP |
|
2 154 891 |
|
Feb 2010 |
|
EP |
|
2 491 101 |
|
Nov 2012 |
|
GB |
|
2 492 604 |
|
Jan 2013 |
|
GB |
|
05-257602 |
|
Oct 1993 |
|
JP |
|
2000-020467 |
|
Jan 2000 |
|
JP |
|
2000-099250 |
|
Apr 2000 |
|
JP |
|
2000-137755 |
|
May 2000 |
|
JP |
|
2000-242582 |
|
Sep 2000 |
|
JP |
|
2000-276281 |
|
Oct 2000 |
|
JP |
|
2002-007697 |
|
Jan 2002 |
|
JP |
|
2002-297869 |
|
Oct 2002 |
|
JP |
|
2003-050910 |
|
Feb 2003 |
|
JP |
|
2005-063216 |
|
Mar 2005 |
|
JP |
|
2005-115644 |
|
Apr 2005 |
|
JP |
|
2005-135431 |
|
May 2005 |
|
JP |
|
2006-004333 |
|
Jan 2006 |
|
JP |
|
2007-272520 |
|
Oct 2007 |
|
JP |
|
2007-282249 |
|
Oct 2007 |
|
JP |
|
2008-022298 |
|
Jan 2008 |
|
JP |
|
2008-065363 |
|
Mar 2008 |
|
JP |
|
2008-171315 |
|
Jul 2008 |
|
JP |
|
2008-535124 |
|
Aug 2008 |
|
JP |
|
2008-243008 |
|
Oct 2008 |
|
JP |
|
2008-257434 |
|
Oct 2008 |
|
JP |
|
2008-269229 |
|
Nov 2008 |
|
JP |
|
4202314 |
|
Dec 2008 |
|
JP |
|
2009-048538 |
|
Mar 2009 |
|
JP |
|
2009-122880 |
|
Jun 2009 |
|
JP |
|
2009-175984 |
|
Aug 2009 |
|
JP |
|
2010-020728 |
|
Jan 2010 |
|
JP |
|
2010-061254 |
|
Mar 2010 |
|
JP |
|
2010-122955 |
|
Jun 2010 |
|
JP |
|
2010-122956 |
|
Jun 2010 |
|
JP |
|
2010-225040 |
|
Oct 2010 |
|
JP |
|
2010-250664 |
|
Nov 2010 |
|
JP |
|
2011-065531 |
|
Mar 2011 |
|
JP |
|
2011-134252 |
|
Jul 2011 |
|
JP |
|
2011-159307 |
|
Aug 2011 |
|
JP |
|
2012-234503 |
|
Nov 2012 |
|
JP |
|
5191376 |
|
May 2013 |
|
JP |
|
5216932 |
|
Jun 2013 |
|
JP |
|
10-1999-0015738 |
|
Mar 1999 |
|
KR |
|
10-0645983 |
|
Nov 2006 |
|
KR |
|
10-2008-0044558 |
|
May 2008 |
|
KR |
|
10-2009-0051977 |
|
Sep 2009 |
|
KR |
|
10-2010-0085888 |
|
Jul 2010 |
|
KR |
|
WO 96/041488 |
|
Dec 1996 |
|
WO |
|
WO 97/003410 |
|
Jan 1997 |
|
WO |
|
WO 99/050775 |
|
Oct 1999 |
|
WO |
|
WO 01/011450 |
|
Feb 2001 |
|
WO |
|
WO 01/033520 |
|
May 2001 |
|
WO |
|
WO 01/095550 |
|
Dec 2001 |
|
WO |
|
WO 01/097134 |
|
Dec 2001 |
|
WO |
|
WO 02/001462 |
|
Jan 2002 |
|
WO |
|
WO 02/071176 |
|
Sep 2002 |
|
WO |
|
WO 02/091226 |
|
Nov 2002 |
|
WO |
|
WO 03/017155 |
|
Feb 2003 |
|
WO |
|
WO 03/025868 |
|
Mar 2003 |
|
WO |
|
WO 03/075197 |
|
Sep 2003 |
|
WO |
|
WO 02/037219 |
|
May 2004 |
|
WO |
|
WO 2004/038997 |
|
May 2004 |
|
WO |
|
WO 2005/038818 |
|
Apr 2005 |
|
WO |
|
WO 2005/099166 |
|
Oct 2005 |
|
WO |
|
WO 2006/135367 |
|
Dec 2006 |
|
WO |
|
WO 2007/001394 |
|
Jan 2007 |
|
WO |
|
WO 2007/045818 |
|
Apr 2007 |
|
WO |
|
WO 2007/072238 |
|
Jun 2007 |
|
WO |
|
WO 2007/075573 |
|
Jul 2007 |
|
WO |
|
WO 2008/029828 |
|
Mar 2008 |
|
WO |
|
WO 2008/054849 |
|
May 2008 |
|
WO |
|
WO 2009/132148 |
|
Oct 2009 |
|
WO |
|
WO 2012/054646 |
|
Apr 2012 |
|
WO |
|
WO 2012/061801 |
|
May 2012 |
|
WO |
|
WO 2012/142121 |
|
Oct 2012 |
|
WO |
|
WO 2012/142584 |
|
Oct 2012 |
|
WO |
|
WO 2013/006538 |
|
Jan 2013 |
|
WO |
|
WO 2013/142722 |
|
Sep 2013 |
|
WO |
|
WO 2014/022813 |
|
Feb 2014 |
|
WO |
|
WO 2014/078569 |
|
May 2014 |
|
WO |
|
WO 2018/129373 |
|
Jul 2018 |
|
WO |
|
WO 2018/151822 |
|
Aug 2018 |
|
WO |
|
Other References
Banking Services Newsletter, "Keeping You Up-to-Date on Banking
Developments Throughout the UC System", University of California,
Office of the President, Banking Services Group, Newsletter 1, Dec.
2005, p. 1. cited by applicant .
Bharosa, "Bharosa Authenticator",
http://www.bharosa.com/authenticator.html, Jan. 18, 2007, pp. 3.
cited by applicant .
Bharosa, "Bharosa Announces Online Authentication Solution to
Counter Check 21-Based Fraud",
http://www.bharosa.com/news/PR-110705.html, Jan. 18, 2007, pp. 2.
cited by applicant .
Darlin, Damon, "Opening the Door on the Credit Report and Throwing
Away the Lock",
http://www.nytimes.com/2006/03/18/business/yourmoney.html, The New
York Times, Saturday Mar. 18, 2006, pp. 2. cited by applicant .
Derfler, Jr. et al, "How Networks Work", Millennium Edition, Que
Corporation, Indianapolis, IN, Sep. 2000. [Uploaded in 2 parts].
cited by applicant .
Gralla, Preston, "How the Internet Works", Millennium Edition, Que
Corporation, Indianapolis, IN, Aug. 1999. [Uploaded in 2 parts].
cited by applicant .
Gueye et al., "Constraint-Based Geolocation of Internet Hosts", ACM
Internet Measurement Conference 2004, Oct. 25-27, 2004, Taormina,
Sicily, Italy, vol. 14, No. 6, pp. 288-293. cited by applicant
.
"ISO 8583", Wikipedia, http://en.wikipedia.org/wiki/ISO_8583, dated
Apr. 13, 2015 in 14 pages. cited by applicant .
Kohno et al., "Remote Physical Device Fingerprinting", Proceedings
of 2005 IEEE Symposium on Security and Privacy, May 8-11, 2005,
Oakland, CA, pp. 211-225. cited by applicant .
Manavoglu et al., "Probabilistic User Behavior Models", ICDM, Third
IEEE International Conference on Data Mining, Nov. 19-22, 2003, pp.
203-210. cited by applicant .
TechWeb, "Wells Fargo Intros Anti-Theft Alerts",
http://www.techweb.com/wire/166404177, Aug. 1, 2005, pp. 1. cited
by applicant .
"UPIC Marketing Guide--The Clearing House",
http://www.upic.com/infofiles/UPIC_Marketing_Guide.pdf, as printed
Dec. 19, 2006. pp. 1-16. cited by applicant .
White, Ron, "How Computers Work", Millennium Edition, Que
Corporation, Indianapolis, IN, Sep. 1999. [Uploaded in 2 parts].
cited by applicant .
Official Communication in European Patent Application No.
05818903.6, dated Dec. 23, 2011. cited by applicant .
Official Communication in European Patent Application No.
05818903.6, dated Mar. 18, 2014. cited by applicant .
International Search Report and Written Opinion for Application No.
PCT/US2005/035532, dated Oct. 29, 2007. cited by applicant .
International Preliminary Report on Patentability and Written
Opinion for Application No. PCT/US2005/035532, dated Jan. 9, 2008.
cited by applicant .
Official Communication in European Patent Application No.
6845722.5, dated Mar. 13, 2009. cited by applicant .
Official Communication in European Patent Application No.
8159110.9, dated Oct. 27, 2008. cited by applicant .
Official Communication in European Patent Application No.
8159110.9, dated Mar. 22, 2010. cited by applicant .
International Search Report and Written Opinion for Application No.
PCT/US2006/048251, dated Feb. 26, 2008. cited by applicant .
International Preliminary Report on Patentability and Written
Opinion for Application No. PCT/US2006/048251, dated Jun. 18, 2008.
cited by applicant .
International Search Report and Written Opinion for Application No.
PCT/US2007/065776, dated Jul. 3, 2008. cited by applicant .
International Preliminary Report on Patentability and Written
Opinion for Application No. PCT/US2007/065776, dated Sep. 30, 2008.
cited by applicant .
International Search Report and Written Opinion received in PCT
Application No. PCT/US2005/020750, dated Jun. 13, 2008. cited by
applicant .
International Preliminary Report on Patentability and Written
Opinion received in PCT Application No. PCT/US2005/020750, dated
Jul. 1, 2008. cited by applicant .
Official Communication in European Patent Application No.
08165224.0, dated Nov. 15, 2010. cited by applicant .
Supplementary European Search Report for Application No.
EP09735653, dated Dec. 16, 2011. cited by applicant .
Official Communication for Application No. EP09735653, dated Jan.
4, 2013. cited by applicant .
International Search Report and Written Opinion for Application No.
PCT/US2009/041462, dated Dec. 1, 2009. cited by applicant .
International Preliminary Report on Patentability and Written
Opinion for Application No. PCT/US2009/041462, dated Nov. 4, 2010.
cited by applicant .
International Search Report and Written Opinion for Application No.
PCT/US2011/056948, dated Apr. 18, 2012. cited by applicant .
International Preliminary Report on Patentability in Application
No. PCT/US2011/056948, dated May 2, 2013. cited by applicant .
International Search Report and Written Opinion for Application No.
PCT/US2013/033357, dated Jul. 10, 2013. cited by applicant .
International Preliminary Report on Patentability in Application
No. PCT/US2013/033357, dated Sep. 23, 2014. cited by applicant
.
International Search Report and Written Opinion for Application No.
PCT/US2013/053495, dated Nov. 22, 2013. cited by applicant .
International Preliminary Report on Patentability in Application
No. PCT/US2013/053495, dated Feb. 3, 2015. cited by applicant .
International Search Report and Written Opinion for Application No.
PCT/US2013/070146, dated Mar. 3, 2014. cited by applicant .
International Preliminary Report on Patentability in Application
No. PCT/US2013/070146, dated May 19, 2015. cited by applicant .
Provisional Application as filed in U.S. Appl. No. 61/324,312,
dated Apr. 15, 2010 in 15 pages. cited by applicant .
Official Communication in European Patent Application No.
05818903.6, dated Jul. 18, 2017. cited by applicant .
Summons to Attend Oral Proceedings received in European Application
No. EP09735653, dated Oct. 7, 2016. cited by applicant .
The Knightmare, "Secrets of a Super Hacker", Loompanics Unlimited,
Port Townsend, Washington, 1994, pp. 233. cited by applicant .
Official Communication in European Patent Application No.
19181057.1, dated Sep. 17, 2019. cited by applicant .
Official Communication in European Patent Application No.
19189189.4, dated Jan. 21, 2020. cited by applicant.
|
Primary Examiner: Cassity; Robert A
Assistant Examiner: Lee; Tsu-Chang
Attorney, Agent or Firm: Knobbe, Martens, Olson & Bear,
LLP
Parent Case Text
CROSS-REFERENCE
This application claims the benefit of U.S. Provisional Application
No. 61/872,287, filed Aug. 30, 2013, which application is
incorporated herein by reference.
Claims
What is claimed is:
1. A computer-implemented method for automated selection of an
electronic security action based on a uniqueness assessment of a
device identifier, said computer-implemented method under the
control of one or more computer systems configured with executable
instructions and comprising: establishing an electronic connection
with one or more databases storing at least: a plurality of
evaluation rules; and a predetermined threshold associated with a
range of quality scores, wherein the predetermined threshold is
associated with a predetermined threshold value; detecting a first
online session between a computer system and a first user device;
detecting a network event during the first online session;
receiving device data associated with the first user device,
wherein the device data is captured during the first online session
and comprises a plurality of parameters comprising a first
parameter and a second parameter, and wherein the plurality of
parameters are associated with the network event; determining a
first device identifier associated with the first user device based
at least in part on the plurality of parameters; receiving a first
plurality of evaluation rules from the one or more databases,
wherein the first plurality of evaluation rules are selected based
at least in part on a value of the first parameter; determining,
based at least in part on the first plurality of evaluation rules
and values of the plurality of parameters, a plurality of weight
values, wherein the plurality of weight values are associated with
the plurality of parameters; calculating, based at least in part on
the plurality of weight values, a first quality score associated
with the first device identifier; receiving an electronic
indication that the first online session is likely fraudulent;
accessing the predetermined threshold from the one or more
databases; comparing the first quality score with the predetermined
threshold value; determining that the first quality score satisfies
the predetermined threshold, wherein the determination that the
first quality score satisfies the predetermined threshold indicates
that the first device identifier is not shared by multiple devices;
and based at least in part on the determination that the first
quality score satisfies the predetermined threshold, adding the
first device identifier to a blacklist such that network traffic
from any devices with an association to the first device identifier
are blocked.
2. The computer-implemented method of claim 1, wherein the
plurality of evaluation rules are generated using a machine
learning technique, wherein the machine learning technique
comprises a neutral network or a statistical analysis of historical
data comprising device fingerprints and indication of whether such
fingerprints uniquely identify a device.
3. The computer-implemented method of claim 2, wherein the
calculating the first quality score is performed without access to
the historical data.
4. The computer-implemented method of claim 2, wherein the
plurality of evaluation rules is updated periodically based at
least in part on changes of the historical data.
5. The computer-implemented method of claim 1, wherein: the
plurality of weight values comprises: a first weight value
associated with the first parameter; and a second weight value
associated with the second parameter; the first weight value is
determined based at least in part on a first weight-value map and
the value of the first parameter; and the second weight value is
determined based at least in part on a second weight-value map and
a value of the second parameter.
6. The computer-implemented method of claim 5, wherein: the
plurality of evaluation rules comprises a first evaluation rule and
a second evaluation rule; the first evaluation rule is associated
with the first parameter and the first weight-value map; and the
second evaluation rule is associated with the second parameter and
the second weight-value map.
7. The computer-implemented method of claim 1 further comprising:
based at least in part on the determination that the first quality
score satisfies the predetermined threshold, transmitting a
targeted content to the devices with an association to the first
device identifier, wherein the targeted content is customized based
at least in part on the device data associated with the first user
device.
8. The computer-implemented method of claim 1 further comprising:
determining that the first quality score does not satisfy the
predetermined threshold, wherein the determination that the first
quality score does not satisfy the predetermined threshold
indicates that the first device identifier is shared by multiple
devices; and based at least in part on the determination that the
first quality score does not satisfy the predetermined threshold,
monitoring network traffic from the devices with an association to
the first device identifier.
9. A computer system for automatically selecting an electronic
security action based on a uniqueness assessment of a device
identifier, the system comprising: one or more processors; and a
memory, including instructions executable by the one or more
processors to cause the computer system to at least: establish an
electronic connection with one or more database storing at least: a
plurality of evaluation rules; and a predetermined threshold
associated with a range of quality scores, wherein the
predetermined threshold is associated with a predetermined
threshold value; detect a first online session between a computer
system and a first user device; detect a network event during the
first online session; receive device data associated with the first
user device, wherein the device data is captured during the first
online session and comprises a plurality of parameters comprising a
first parameter and a second parameter, and wherein the plurality
of parameters are associated with the network event; determine a
first device identifier associated with the first user device based
at least in part on the plurality of parameters; receive a first
plurality of evaluation rules from the one or more databases,
wherein the first plurality of evaluation rules are selected based
at least in part on a value of the first parameter; determine,
based at least in part on the first plurality of evaluation rules
and values of the plurality of parameters, a plurality of weight
values, wherein the plurality of weight values are associated with
the plurality of parameters; calculate, based at least in part on
the plurality of weight values, a first quality score associated
with the first device identifier; receive an electronic indication
that the first online session is likely fraudulent; access the
predetermined threshold from the one or more databases; compare the
first quality score with the predetermined threshold value;
determine that the first quality score satisfies the predetermined
threshold, wherein the determination that the first quality score
satisfies the predetermined threshold indicates that the first
device identifier is not shared by multiple devices; and based at
least in part on the determination that the first quality score
satisfies the predetermined threshold, add the first device
identifier to a blacklist such that network traffic from any
devices with an association to the first device identifier are
blocked.
10. The system of claim 9, wherein the plurality of evaluation
rules are generated using a machine learning technique, wherein the
machine learning technique comprises a neutral network or a
statistical analysis of historical data comprising device
fingerprints and indication of whether such fingerprints uniquely
identify a device.
11. The system of claim 10, wherein the plurality of evaluation
rules is updated periodically based at least in part on changes of
the historical data.
12. The system of claim 10, wherein the first quality score is
calculated without access to the historical data.
13. The system of claim 9, wherein the instructions executable by
the one or more processors further cause the computer system to:
based at least in part on the determination that the first quality
score satisfies the predetermined threshold, transmit a targeted
content to the devices with an association to the first device
identifier, wherein the targeted content is customized based at
least in part on the device data associated with the first user
device.
14. The system of claim 9, the instructions executable by the one
or more processors further cause the computer system to: determine
that the first quality score does not satisfy the predetermined
threshold, wherein the determination that the first quality score
does not satisfy the predetermined threshold indicates that the
first device identifier is shared by multiple devices; and based at
least in part on the determination that the first quality score
does not satisfy the predetermined threshold, monitor network
traffic from the devices with an association to the first device
identifier.
15. A non-transitory computer storage having stored thereon a
computer program, the computer program including executable
instructions that instruct a computer system to at least: establish
an electronic connection with one or more databases storing at
least: a plurality of evaluation rules; and a predetermined
threshold associated with a range of quality scores, wherein the
predetermined threshold is associated with a predetermined
threshold value; detect a first online session between a computer
system and a first user device; detect a network event during the
first online session; receive device data associated with the first
user device, wherein the device data is captured during the first
online session and comprises a plurality of parameters comprising a
first parameter and a second parameter, and wherein the plurality
of parameters are associated with the network event; determine a
first device identifier associated with the first user device based
at least in part on the plurality of parameters; receive a first
plurality of evaluation rules from the one or more databases,
wherein the first plurality of evaluation rules are selected based
at least in part on a value of the first parameter; determine,
based at least in part on the first plurality of evaluation rules
and values of the plurality of parameters, a plurality of weight
values, wherein the plurality of weight values are associated with
the plurality of parameters; calculate, based at least in part on
the plurality of weight values, a first quality score associated
with the first device identifier; receive an electronic indication
that the first online session is likely fraudulent; access the
predetermined threshold from the one or more databases; compare the
first quality score with the predetermined threshold value;
determine that the first quality score satisfies the predetermined
threshold, wherein the determination that the first quality score
satisfies the predetermined threshold indicates that the first
device identifier is not shared by multiple devices; and based at
least in part on the determination that the first quality score
satisfies the predetermined threshold, add the first device
identifier to a blacklist such that network traffic from any
devices with an association to the first device identifier are
blocked.
16. The non-transitory computer storage of claim 15, wherein the
plurality of evaluation rules are generated using a machine
learning technique, wherein the machine learning technique
comprises a neutral network or a statistical analysis of historical
data comprising device fingerprints and indication of whether such
fingerprints uniquely identify a device.
17. The non-transitory computer storage of claim 16, wherein the
plurality of evaluation rules is updated periodically based at
least in part on changes of the historical data.
18. The non-transitory computer storage of claim 16, wherein the
first quality score is calculated without access to the historical
data.
19. The non-transitory computer storage of claim 15, wherein the
executable instructions further instruct the computer system to:
based at least in part on the determination that the first quality
score satisfies the predetermined threshold, transmit a targeted
content to the devices with an association to the first device
identifier, wherein the targeted content is customized based at
least in part on the device data associated with the first user
device.
20. The non-transitory computer storage of claim 15, wherein the
executable instructions further instruct the computer system to:
determine that the first quality score does not satisfy the
predetermined threshold, wherein the determination that the first
quality score does not satisfy the predetermined threshold
indicates that the first device identifier is shared by multiple
devices; and based at least in part on the determination that the
first quality score does not satisfy the predetermined threshold,
monitor network traffic from the devices with an association to the
first device identifier.
Description
BACKGROUND OF THE INVENTION
With rapid advancement of computer technologies and e-Commerce,
people are increasingly reliant on a variety of internet-connected
devices for everything from banking to booking travel to shopping.
As a service provider, it has become increasingly important to
distinguish among the different devices in order to provide detect
and prevent online fraud and/or to provide customized content or
services.
SUMMARY OF THE INVENTION
System and methods for determining uniqueness of device identifiers
are provided. According to an aspect of the invention, a
computer-implemented method for determining uniqueness of a device
identifier is provided. The method comprises obtaining a plurality
of evaluation rules based at least in part on historical data and
determining the uniqueness of the device identifier based at least
in part on the evaluation rules and a plurality of parameters
associated with the device identifier. Obtaining the one or more
evaluation rules may include analyzing the historical data using a
machine learning technique. Determining the uniqueness of the
device identifier may include determining a device quality score
associated with the device identifier. Determining the uniqueness
of the device identifier may include selecting a subset of the one
or more evaluation rules based at least in part on the plurality of
parameters and applying the subset of evaluation rules to at least
some of the plurality of parameters to obtain the device quality
score. The method may further comprise determining a suitable
action based at least in part on the uniqueness of the device
identifier. Determining the suitable action may include selecting a
first action if the device identifier is more likely to be unique
and selecting a second action if the device identifier is less
likely to be unique.
INCORPORATION BY REFERENCE
All publications, patents, and patent applications mentioned in
this specification are herein incorporated by reference to the same
extent as if each individual publication, patent, or patent
application was specifically and individually indicated to be
incorporated by reference.
BRIEF DESCRIPTION OF THE DRAWINGS
The novel features of the invention are set forth with
particularity in the appended claims. A better understanding of the
features and advantages of the present invention will be obtained
by reference to the following detailed description that sets forth
illustrative embodiments, in which the principles of the invention
are utilized, and the accompanying drawings of which:
FIG. 1 illustrates an example environment for implementing the
present invention, in accordance with an embodiment.
FIG. 2a illustrates example components of a device identification
system, in accordance with an embodiment.
FIG. 2b illustrates example components of a device identification
system, in accordance with another embodiment.
FIG. 3 illustrates example components of a computer device for
implementing aspects of the present invention, in accordance with
an embodiment.
FIG. 4 illustrates an example process for implementing the present
invention, in accordance with an embodiment.
FIG. 5 illustrates an example process for determining the
uniqueness of a device identifier, in accordance with an
embodiment.
FIG. 6 illustrates an example process for determining the
uniqueness of a device identifier, in accordance with an
embodiment.
FIG. 7 illustrates an example process for calculating a device
quality score, in accordance with an embodiment.
FIG. 8 illustrates an example process for determining the
uniqueness of a device identifier, in accordance with an
embodiment.
DETAILED DESCRIPTION OF THE INVENTION
According to aspects of the present invention, a device
identification system and methods may be provided for determining
the uniqueness of device identifiers. Network devices, such as
desktops, laptops, tablet computing devices, smart phones, smart
TVs, and the like, may be identified using device identifiers. Such
device identifiers may be provided or generated by the
manufacturers, distributors, developers, or any suitable entity.
Examples of device identifier may include Android identifier (ID),
iPhone's Unique Identifier (UDID), iPhone's
IdentifierForAdvertising (IFA or IDFA), cookie ID, login ID,
Internet Protocol (IP) address, media access control (MAC) address,
a hash of any of the above, a combination of any of the above, or
the like. In some cases, the device identifier may be derived based
on one or more hardware and/or software parameters of a device
identified by the device identifier. For example, a device
identifier may be derived from the IP address, operating system
version, and locale setting of the device. In some embodiments, a
device identifier may be used to identify the source or origin or a
transaction, request, or network event. For example, a device
identifier may include a user identifier, an account identifier,
and the like. Ideally, a device identifier uniquely identifies a
device. In other words, different devices are mapped to different
device identifiers, for example, based on unique software/hardware
characteristics associated with the devices. However, in some
cases, different devices may have the same device identifiers. In
some cases, such as in an online fraud, such sharing of device
identifiers may be intentional. In some other cases, such sharing
of device identifiers may be unintentional.
In some embodiments, a device identifier may be used to distinguish
among the entities (e.g., users) associated with the devices
identified by the device identifier. For example, a content or
service provider may use such device identifiers to distinguish
among different users so as to provide customized advertisement or
service items tailored to the preferences of the users. However,
such targeted user-specific action (e.g., target advertisement
delivery) is only effective when there is a high probability that
the device identifier is indeed unique, that is, it is very likely
that the device identifier is not shared by multiple devices. In
some instances, different devices may have the same device
identifiers. For example, the Android ID for two Android devices
may be the same. For another example, two devices may have the same
IP address. As yet another example, devices having similar or
different parameters may result in having the same value for their
device identifiers. In such cases when the device identifier is not
unique, targeted action may not be feasible or desirable. Rather, a
different action or approach may be required.
As an example, consider two users Carola and Marley. Carola
operates a device 1 to access a shopping website and Marley
operates a device 2 to access the same shopping site. Carola is
interested in jewelry and art and Marley is interested in cars and
technology. The service provider operating the shopping website may
be able to deliver different targeted advertisement to Carola and
Marley based on their different preferences if the service provider
can distinguish the device 1 from device 2. In other words, given a
device identifier, if the service provider can be confident that
the device identifier is unique, that is, it is unique to a
specific device, then the service provider's may be able to provide
effective targeted content. On the other hand, if for a given the
device identifier, the service provider is not confident that the
device identifier is unique (i.e., associated with only with Carola
or only with Marley), then it may be undesirable to delivery
customized content because it may offend or otherwise alienate the
unintended audience of such customized content. Rather, providing
more generic content may prove to be more effective in this
case.
As another example, a fraud detection engine may be configured to
detect fraudulent activities associated of network devices. For a
given device identifier associated with fraudulent transactions, if
it is likely that the device identifier is unique, it may be
desirable to take specific fraud prevention actions with respect to
activities associated with the device identifier. For example, the
device identifier may be added to a blacklist so that activities
associated with the device identifier are blocked. This may be a
desirable solution that prevents future fraud without affecting
non-rogue devices since it is unlikely that the device identifier
is shared by other devices. Conversely, if the device identifier is
likely to be non-unique, then put the device identifier into a
blacklist may unduly impact legitimate activities of non-rogue
devices that happen to share the same device identifier. Rather, a
more moderate measure may be taken such as monitoring instead of
blocking traffic coming from devices identified by the device
identifier.
According to aspects of the present invention, a device
identification system and methods may be provided for determining
the uniqueness of device identifiers. The device identification
system may include an analysis engine, an evaluation engine, and
optionally, an action engine (such as illustrated in FIG. 2a
below). The analysis engine may be configured to generate, based on
historical data, rules that may be used to determine the uniqueness
of device identifiers. Specifically, the rules may be used to
derive a quality score associated with a given device identifier.
Quality score may be a numerical value. For instances, the quality
score may be any integer between 0 and 100 (inclusive) where the
higher the quality score the more likely that the device identifier
is unique. The rules may be stored in a data store which may
include a database or a data file (e.g., a JSON file) that is
accessible to the evaluation engine.
The evaluation engine may be configured to receive a plurality of
parameters associated with a device identifier, select the
applicable rules (e.g., based on at least some of the parameters
such as the device's operating system or hardware type) and apply
the rules to the plurality of parameters to derive a quality score
and/or a quality grade. In some cases, the quality grade may be
derived based on the quality score. In some embodiments, the
plurality of parameters may include any hardware and/or software
parameters associated with a device identified by the device
identified.
In some embodiments, the plurality of parameters may include
deterministic identifiers such as customer ID, login ID, account
ID, cookie ID, UDID, Android ID, IFA or IFDA, Identifier For Vendor
(IFV), International Mobile Equipment Identity (IMEI), MAC address,
IP address, and the like.
In some embodiments, the plurality of parameters may include client
and/or server location and/or geographical information; client
device trustability score or similar indicator; user lifetime value
(LTV) or similar indicator; client device Return on Investment
Index (ROlndex) or similar indicator; device metadata such as
manufacturer (e.g., Apple, Samsung, Microsoft, Dell, etc), name
(e.g., iPhone), model, version, and the like; device operating
system (e.g., iOS, Android, Windows Phone, BlackBerry, Mac OS, OS
X, Microsoft Windows, Unix, Linux, BSD, etc.); browser metadata
such as maker (e.g., Google, Microsoft, Mozilla), name (e.g.,
Chrome, Internet Explorer, Firefox, Opera, Safari), version, and
the like; other software and/or hardware characteristics (e.g.,
Adobe Flash version); event type such as impression, click or
selection, download, page load, and the like; event type detail
such as campaign type, transaction type, and the like; customer
type and industry; and other parameters.
In typical embodiments, such parameters are obtained without the
awareness of the user operating the device. In some cases, some or
all of the parameters may be obtained with the user's awareness. In
some embodiments, some or all of the parameters may be included in
one or more requests or messages provided by the device or by
another entity such as a Domain Name System (DNS) server, an Active
Directory (AD) server, and the like. Example parameters may include
user agent (UA), IP address, user identity, user credentials,
network protocol, service endpoint, Hypertext Transfer Protocol
(HTTP) method and/or status code, operating system, locale or
language code, processor architecture, device type (e.g., desktop,
mobile phone, etc.) and the like. In some embodiments, some or all
of the parameters discussed herein may be used to derive the device
identifier and to derive the quality score or grade. For example,
the parameters may be concatenated, combined, appended, hashed,
encrypted, and otherwise processed to derive the device identifier
and/or quality score or grade. For example, in an embodiment, the
device identifier may include a 40-character SHA-1 hash of some of
the parameters.
In some embodiments, a set of applicable rules may be selected
based at least in part on some of the parameters associated with
the device identifier. For example, different sets of rules or the
same set of rules may be provided for different types of devices
and/or operating systems. For example, a first set of rules may be
selected for an Android device whereas a second set of rules may be
selected for an iOS device.
In an embodiment, the rules include, for each of at least some of
the plurality of parameters, a corresponding value-weight map. In
some cases, the rules may include usage rules associated with the
value-weight maps that specify how the maps should be applied to
the parameter. In other embodiments, such usage rules may be
optional. Each of the value-weight maps may include one or more
parameter values or value ranges along with corresponding weights.
The parameter values may include any of the above-discussed
parameters or a derivation thereof. The table below provides an
example value-weight map for the user agent parameter:
TABLE-US-00001 Parameter Value Weight 8 0.5 10 0.38 12 0.01 . . . .
. .
For the above example, a usage rule associated with the
value-weight map may specify that the parameter value to be used to
look up the value-weight map is the length of the user agent
identifier character string. For example, given a user agent
parameter of "UA_2.8.1", the corresponding parameter value,
according to the "UA-length" rule, is 8, the length of the
character string "UA_2.8.1" and the corresponding weight is
0.5.
Thus, for at least some of the plurality of parameters associated
with the device identifier, corresponding weights may be obtained
by applying the rules (e.g., by looking up the corresponding
parameter-specific value-weight map as specified by usage
rule).
While the value-weight maps illustrated here each corresponds to a
specific parameter, in some embodiments, a value-weight map may
correspond to more than one parameter. For example, the value used
to look up the value-weight map may be derived based on the values
of one or more parameters.
In some embodiments, the weights associated with the parameters may
be weighted, for example, based on the perceived importance of the
parameters. The perceived importance of the parameters may be
determined based on statistical analysis of the historical data.
For example, in an embodiment, the weight associated with the IP
address parameter may be given a larger weight than the weight
associated with the user agent parameter.
A quality score indicative of the uniqueness of a device identifier
may be derived based on the parameter weights, which may be
weighted as discussed above. For example, the device score may be
calculated as a linear combination of the weighted weight values.
The quality score may be categorized into quality grades. For
example, a quality score between 80 and 100 may be categorized as
quality grade A, a quality score between 60 and 80 may be
categorized as quality grade B, and so on. Thus, device identifiers
may be segmented according to their quality grades. In general, a
device identifier is considered to be "high quality" if it has a
high quality score or grade and "low quality" if it has a low
quality score or grade.
In some embodiments, the value-weight maps, usage rules, formula
and/or algorithm for calculating the quality scores and the like
are collectively referred to as the evaluation rules (or rules).
Some or all of such evaluation rules may be derived based on the
historical data associated with past user activities and usage of
computing resources. In particular, the historical data may be
analyzed using statistical analysis and machine learning techniques
such as logistical regression. Other suitable data mining
techniques may also be used. Such data analysis may be performed by
the analysis engine with or without human intervention.
As discussed above, the calculation of the quality scores or grades
does not involve analyzing vast amount of historical data. Rather,
the calculation is performed based on the rules derived from the
historical data. The size of the rules may be significantly smaller
than the size of the historical data which the rules are based on.
For example, the rules may fit in one or more JSON files whereas
the historical data may be stored in large data storage systems.
Given the pre-calculated or derived rules, the time and complexity
of the quality score/grade calculation (and hence determination of
uniqueness of device identifiers) is significantly reduced. In some
cases, uniqueness determination may be performed efficiently for a
large amount of transactions in a short period of time. As the
historical data evolve over time, the rules derived from the
historical data may be updated to reflect any changes (e.g., on a
periodic basis). By using such updated rules, the quality
score/grade calculation also reflects the changes in historical
data.
In some embodiments, the device identification system discussed
herein may or may not include an action engine. The action engine
may be configured to take different actions based on the uniqueness
of device identifiers (such as indicated by the quality grades or
quality scores). For example, the action engine may be configured
to provide more targeted content to devices associated with a high
quality device identifier and less targeted content to devices
associated with a lower quality device identifier. It shall be
understood that different aspects of the invention can be
appreciated individually, collectively, or in combination with each
other.
FIG. 1 illustrates an example environment 100 for implementing the
present invention, in accordance with an embodiment. As
illustrated, one or more user devices 102 connect via a network 104
to a device identification system 106 configured to provide device
identification functionalities described herein. In various
embodiments, the user devices 102 may include any devices capable
of communicating with the network 104, such as personal computers,
workstations, laptops, smartphones, mobile phones, tablet computing
devices, smart TVs, game consoles, internet-connected setup boxes,
kitchen appliances and the like. In some embodiments, the user
devices 102 may include applications such as web browsers and/or
applications (e.g., mobile apps) that are capable of communicating
with the device identification system 106 and/or a system that uses
the device identification system 106.
In some embodiments, the device identification system 106 may
include or be included in one or more computing systems. For
example, the device identification system 106 may be a part of a
content provider. For example, the device identification system 106
may be a runtime component of a web server of the content server.
As another example, the device identification system 106 may be a
part of a fraud detection system or service used by an online
service provider such as a bank, a merchant, a payment service
provider, and the like. In some embodiments, the device
identification system may be owned and/or operated by the same or
different entity as the content provider.
In some embodiments, the device identification system 106 may be
implemented by one or more physical and/or logical computing
devices or computer systems that collectively provide the
functionalities described herein. For example, aspects of the
device identification system 106 may be implemented by a single
server or by a plurality of servers (e.g., distributed Hadoop
nodes). As another example, aspects of the device identification
system 106 may be implemented by one or more processes running on
one or more devices. In some embodiments, the device identification
system 106 may provide an API such as a web service interface that
may be used by users or other processes or services to utilize the
functionalities of the device identification system discussed
herein.
In some embodiments, the device identification system 106 may
comprise one or more computing services provisioned from a "cloud
computing" provider, for example, Amazon Elastic Compute Cloud
("Amazon EC2"), provided by Amazon.com, Inc. of Seattle, Wash.; Sun
Cloud Compute Utility, provided by Sun Microsystems, Inc. of Santa
Clara, Calif.; Windows Azure, provided by Microsoft Corporation of
Redmond, Wash., and the like.
In some embodiments, the device identification system 106 may
communicate with a data store 108 in order to perform the
functionalities described herein. For example, the data store 108
may be used to store historical data, evaluation rules, and the
like.
In some embodiments, the data store 108, or any other data stores
discussed herein, may include one or more data files, databases
(e.g., SQL database), data storage devices (e.g., tape, hard disk,
solid-state drive), data storage servers, or the like. In various
embodiments, such a data store 108 may be connected to the device
identification system 106 locally or remotely via a network. In
some embodiments, data store 108, or any other data stores
discussed herein, may comprise one or more storage services
provisioned from a "cloud storage" provider, for example, Amazon
Simple Storage Service ("Amazon S3"), provided by Amazon.com, Inc.
of Seattle, Wash., Google Cloud Storage, provided by Google, Inc.
of Mountain View, Calif., and the like.
In various embodiments, the network 104 may include the Internet, a
local area network ("LAN"), a wide area network ("WAN"), a cellular
network, wireless network or any other public or private data
and/or telecommunication network.
FIG. 2a illustrates example components of a device identification
system 200A, in accordance with an embodiment. The device
identification system 200A may be similar to the device
identification system 106 discussed in FIG. 1. In various
embodiments, the device identification system 200A may include one
or more components that individually or collectively provide a set
of functionalities. Each component may be implemented by one or
more physical and/or logical computing devices, such as computers,
data storage devices and the like. Some or all of the components
may be co-located on the same device or distributed on different
devices. The components may communicate with each other or with
external entities such as other systems, devices or users. It will
be appreciated by those of ordinary skill in the art that various
embodiments may have fewer or a greater number of components or
subcomponents than those illustrated in FIG. 2a. Thus, the
depiction of the environment in FIG. 2a or in other figures should
be taken as being illustrative in nature and not limiting to the
scope of the disclosure.
In the illustrated embodiment, the device identification system
200A includes an analysis engine 202, evaluation engine 204 and an
action engine 206. In some other embodiments, the device
identification system 200A may include a subset or a superset of
the illustrated components. For example, in an embodiment, the
device identification system may include only the evaluation
engine. In another embodiment, the device identification system may
include only the analysis engine and the evaluation engine. In some
embodiments, some or all of the components discussed herein may be
combined or further divided into subcomponents. Some or all of the
components may be implemented by the provider of the system or by a
third party service provider.
The analysis engine 202 may be configured to generate, based on
historical data 201, evaluation rules or rules 208 that may be used
to determine the uniqueness of device identifiers. Specifically,
the rules may be used, for example, by the evaluation engine 204,
to derive a quality score or grade 210 associated with a given
device identifier. Such rules may be derived based on historical
data obtained from many user devices and many transactions. Various
techniques may be used to derive the rules including machine
learning techniques, neural networks, fuzzy logic, statistical
analysis (e.g., logistical regression), and the like. Rules may be
generated automatically with aid of a processor. Human intervention
may or may not be required for generating the rules.
The historical data may include data (including statistics) related
to past user activities, transactions, requests, responses, usage
of computing resources and the like. In some cases, the historical
data may include information indicative of reliability,
trustworthiness or uniqueness of user devices. For example, the
historical data may indicate that a certain IP address or a certain
operating system is susceptible to security problems (e.g., virus,
Denial of Service (DoS) attack, session hijacking,
Man-in-the-Middle (MITM) or Man-in-the-Browser (MITB) attacks,
etc.). As another example, the historical data may indicate that
certain types of devices tend to share the same device
identifiers.
The evaluation engine 204 may be configured to determine uniqueness
of a device identifier based on evaluation rules 208, discussed
above. To that end, the evaluation engine 204 may be configured to
obtain device data 205 associated with a device. In some
embodiments, the device data may include a plurality of parameters
associated with or used to derive a device identifier. In some
cases, device data may include the device identifier itself. The
plurality of parameters may include any hardware and/or software
parameters associated with a device identified by the device
identified such user agent identifier, IP address, user identity
information, user credentials, network protocols, service endpoint,
service method, HTTP method and/or status code, operating system,
locale or language code, processor architecture, device type (e.g.,
desktop, mobile phone, etc.) and the like. In some embodiments, the
plurality of parameters may be associated with a particular
transaction or network event.
Based at least in part on the plurality of parameters (e.g., device
type), the evaluation engine 204 may be configured to select and
apply some or all of the evaluation rules 208 made available by the
analysis engine 202. In some embodiments, the evaluation rules may
be stored in a data store or data file that is made available to
the evaluation engine 204. The evaluation rules may be applied to
at least some of the parameters to derive a device quality score or
grade using methods discussed herein.
In some embodiments, the rules may be used to determine quality
score and/or quality grade without requiring access to historical
data. Such determination may be performed, for example, by the
evaluation engine. Such a rules-only approach may be beneficial.
For example, in some cases, the historical data may include
sensitive or personally identifying information such as credit card
information. In such cases, it may be undesirable to allow certain
entities to have access to the historical data, for example, for
privacy concerns.
The device quality score or grade may be used by the action engine
206 to determine an action 207. In various embodiments, the action
engine may include or be included in one or more web servers, data
servers, security and/or fraud detection servers and the like. The
action may include retrieval, storage, processing, modification,
transmission, or the like, of one or more responses to a request,
internal or external messages or instructions, content data, and
the like. In some cases, device identification system discussed
herein may be used to detect fraudulent and/or malicious attacks
such as session hijacking, MITM/MITB attacks, harvesting P2P
networks, and the like. In some cases, device identification system
may be used to determine suitable content (e.g., advertisement) to
provide.
In some embodiments, analysis engine, the evaluation engine and the
action engine may reside on the same or different computing devices
and may each be implemented by one or more computing devices or
processes. In some embodiments, the rules, the device quality
scores or grades, and/or the actions may be generated in real or
nearly real time as the data is coming in, or in an asynchronous
fashion such as in using batch processing. In some embodiments, the
generation of rules and the evaluation of the uniqueness of device
identifiers can be independent from each other. The rules may be
generated and/or updated at a different time schedule than that for
the evaluation of the device identifiers. For example, in an
embodiment, the rules are generated ahead of time and updated on a
periodic basis. Independently or asynchronously to the generation
and/or update of rules, device identifiers may be evaluated in real
or nearly real time using the rules.
In some embodiments, analysis engine, the evaluation engine and the
action engine may be configured to provide the various
functionalities discussed herein in a synchronous or asynchronous
fashion. For example, the generation of rules may be performed
offline, in an asynchronous fashion. The evaluation of device
quality score or grade may be performed in real time or nearly real
time as the device data is received. The determining of a suitable
action based on the device score and/or grade may be performed in
real time or nearly real time.
FIG. 2b illustrates example components of a device identification
system 200B, in accordance with another embodiment. In this
example, the device identification system 200B includes a data
collector 214 residing on a user or client device 212. The data
collector may be implemented as a browser script using JavaScript
or any other scripting language. The data collector may be
configured to communicate with a device identification service 216.
For example, the data collector may be configured to collect
parameter information about the user device such as discussed
herein and transmit such parameter information to the device
identification service 216, for example, using an API provided by
the device identification service. In some embodiments, the
collection and/or communication with the device identification
service may be triggered by an event such as a browser event. For
example, the event may include a click on a portion (e.g., a button
or a link) of a web page, loading of a web page and the like.
The device identification system 200B includes a device
identification service 216 that may be implemented as a web
service. The device identification service 216 may be implemented
by one or more servers. The servers implementing the device
identification service 216 may be owned and/or provided by a
content or service provider for the user device (e.g., banking,
ecommerce, retail) or by the provider of the device identification
system 200B.
In some embodiments, the device identification service 216 may be
configured to receive parameter information provided by the data
collector of the user device and to provide a device identifier
and/or device quality score or grade based on the parameter
information. To that end, the device identification service 216 may
utilize an evaluation engine 218. The evaluation engine 218 may be
configured to calculate a device identifier and/or a device quality
score or grade based on the parameter information. In some
embodiments, the evaluation engine 218 may be implemented using one
or more server-side library files.
In some embodiments, some or all of the parameters may be used to
derive the device identifier. For example, the parameters may be
concatenated, combined, appended, hashed, encrypted, and otherwise
processed. For example, in an embodiment, the device identifier may
include a 40-character SHA-1 hash.
In some embodiments, the device quality score or grade may be
evaluated based on some or all of the parameters. For example, a
lookup table (e.g., stored in memory) may be used to determine the
weight values associated with some or all of the parameters. The
weight values may or may not be further weighted, combined or
otherwise processed to derive a final device quality score or
grade. The device quality score may be categorized into a device
quality grade. In some embodiments, the lookup table and the
algorithm for deriving the quality score or grade may be included
on one or more rules that are pre-determined based on historical
data such as past transactions and/or user activities related to
one or more websites or web services. Thus, access to the actual
historical data may not be required for the evaluation of the
quality scores or grades. In some embodiments, the generation of
the device identifiers and/or the associated device quality scores
and/or grades may be performed in real time or nearly real time
with respect to the receipt of the parameter information. In other
embodiments, any or all of the above operations may be performed in
an asynchronous mode, for example, using batch processing.
In some embodiments, the generated device identifier and associated
device quality score and/or grade may be stored in a data store
220. The data store 220 may include a user ID map (not shown) or a
similar data structure configured to store a mapping between device
identifiers and device quality scores and/or grades. In some
embodiments, the data store 220 may include a memory of a server,
one or more data storage device (e.g., SSD, hard disk, taps), or a
cloud-based storage service such as discussed in connection with
FIG. 1. The data store 220 may or may not be owned and/or operated
by the same as the provider of the device identification service
216. For example, the user ID map may be stored at least in part on
a customer server and/or a fraud-detection system.
In some embodiments, the storing of the device identifiers and/or
the associated device quality scores and/or grades may be performed
in real time or nearly real time as the above information is
generated. In other embodiments, any or all of the above operations
may be performed in an asynchronous mode, for example, using batch
processing.
In various embodiments, the user ID map may be used by any suitable
entity for any suitable purpose. For example, in an embodiment, the
user ID map may be used by a content provider to determine the type
of content to provide to a user device. More targeted content
(e.g., advertisement) may be provided for device identifiers with
higher quality grades and less targeted content may be provided for
device identifiers with lower quality grades. In another
embodiment, the user ID map may be used by a fraud detection system
to detect and/or prevent online fraud.
In some embodiments, the user ID map may be used to update and/or
refine the evaluation rules (e.g., including weight lookup table,
device score computation algorithm) discussed herein. For example,
the user ID map may be provided for research purposes. The research
may be performed by a provider of the device identification system
or a third party service provider.
FIG. 3 illustrates example components of a computer device 300 for
implementing aspects of the present invention, in accordance with
an embodiment. In another embodiment, the computer device 300 may
be configured to implement a user device such as a user device 102
discussed in connection with FIG. 1 and/or components or aspects of
the device identification system such as described in connection
with FIGS. 1 and 2. In some embodiments, computing device 300 may
include many more components than those shown in FIG. 3. However,
it is not necessary that all of these components be shown in order
to disclose an illustrative embodiment.
As shown in FIG. 3, computing device 300 includes a network
interface 302 for connecting to a network such as discussed above.
In various embodiments, the computing device 300 may include one or
more network interfaces 302 for communicating with one or more
types of networks such as the Internet, wireless networks, cellular
networks, and any other network.
In an embodiment, computing device 300 also includes one or more
processing units 304, a memory 306, and an optional display 308,
all interconnected along with the network interface 302 via a bus
310. The processing unit(s) 304 may be capable of executing one or
more methods or routines stored in the memory 306. The display 308
may be configured to provide a graphical user interface to a user
operating the computing device 300 for receiving user input,
displaying output, and/or executing applications. In some cases,
such as when the computing device 300 is a server, the display 308
may be optional.
The memory 306 may generally comprise a random access memory
("RAM"), a read only memory ("ROM"), and/or a permanent mass
storage device, such as a disk drive. The memory 306 may store
program code for an operating system 312, one or more device
identification routines 314, and other routines. In various
embodiments, the program code may be stored on a computer-readable
storage medium, for example, in the form of a computer program
comprising a plurality of instructions executable by one or more
processors. The computer-readable storage medium may be
non-transitory. The one or more device identification routines 314,
when executed, may provide various functionalities associated with
the device identification system as described herein.
In some embodiments, the software components discussed above may be
loaded into memory 306 using a drive mechanism associated with a
non-transient computer readable storage medium 318, such as a
floppy disc, tape, DVD/CD-ROM drive, memory card, USB flash drive,
solid state drive (SSD) or the like. In other embodiments, the
software components may alternatively be loaded via the network
interface 302, rather than via a non-transient computer readable
storage medium 318. In an embodiment, the computing device 300 also
include an optional time keeping device (not shown) for keeping
track of the timing of transactions or network events.
In some embodiments, the computing device 300 also communicates via
bus 310 with one or more local or remote databases or data stores
such as an online data storage system via the bus 310 or the
network interface 302. The bus 310 may comprise a storage area
network ("SAN"), a high-speed serial bus, and/or via other suitable
communication technology. In some embodiments, such databases or
data stores may be integrated as part of the computing device
300.
FIG. 4 illustrates an example process 400 for implementing the
present invention, in accordance with an embodiment. Aspects of the
process 400 may be performed, for example, by a device
identification system such as discussed in connection with FIGS. 1
and 2 or one or more computing devices such as discussed in
connection with FIG. 3. Some or all aspects of the process 400 (or
any other processes described herein, or variations and/or
combinations thereof) may be performed under the control of one or
more computer/control systems configured with executable
instructions and may be implemented as code (e.g., executable
instructions, one or more computer programs or one or more
applications) executing collectively on one or more processors, by
hardware or combinations thereof. The code may be stored on a
computer-readable storage medium, for example, in the form of a
computer program comprising a plurality of instructions executable
by one or more processors. The computer-readable storage medium may
be non-transitory. The order in which the operations are described
is not intended to be construed as a limitation, and any number of
the described operations may be combined in any order and/or in
parallel to implement the processes.
In an embodiment, the process 400 includes obtaining 402 a set of
rules based on historical data. In various embodiments, the rules
may include the evaluation rules, discussed herein, that may be
used to determine the uniqueness of a device identifier. For
example, the rules may include one or more parameter maps that map
parameter values (original or derived) to weight values. The rules
may further include formulas, algorithms, and the like for using
the maps to (e.g., combining the weight values) to derive a device
quality score and/or device quality grade. Such a device quality
score or grade may be indicative of the uniqueness of the device
identifier. In a typical embodiment, the size of the rules is a
fraction of the amount of the historical data based on which the
rules are derived.
As discussed above, historical data may include any data related to
past data transactions, user activities, usage of computing and
network resources and the like. In some cases, the historical data
may include information indicative of reliability, trustworthiness
or uniqueness of user devices or device identifiers. In some
embodiments, the historical data may be obtained from a third-party
data or service provider and/or accumulated by a provider of the
device identification system. For example, historical data may
include interactions with content providers, ecommerce or online
retail service providers, banking, credit card, or financial
service providers, airlines, travel service providers, and the
like.
In some embodiments, the rules may be generated using a variety of
machine learning and/or data mining techniques such as statistical
analysis, neural networks, and the like. In one embodiment, some of
the rules may be defined or specified by humans. In some
embodiments, some of the rules may be generated from scratch or
provided by a third-party provider.
In an embodiment, the process 400 includes determining 404 the
uniqueness of a device identifier based on the rules discussed
above and a plurality of parameters associated with the device
identifier. In some embodiments, a device identifier may be used to
identify the source or origin or a transaction, request, or network
event. In some embodiments, a device identifier may be determined
and/or derived based on any one or combination of one or more
parameters such as described herein. For example, the device
identifier may be based on one or more hardware and/or software
settings or attributes of a device. For example, a device
identifier may include or be based on an IP address associated with
an HTTP request. As another example, a device identifier may
include or be based on a username associated with an online account
and a user agent identifier. The device identifier may include a
device fingerprint without regard to user information. In one
embodiment, the device identifier may be independent from the
parameters described herein. In a typical embodiment, a device
identifier is obtained or derived without the awareness of the
originator of the transaction or network event identified by the
device identifier. In other embodiments, the device identifier may
be obtained with user awareness.
In various embodiments, a plurality of parameters such as those
discussed herein may be obtained in connection with the device
identifier. Such parameters may be obtained from the transaction or
network event identified by the device identifier. Such parameters
may be obtained, for example, by analyzing the metadata and/or data
associated with a request, parsing a network log file, utilizing
any suitable web analytics tools, and the like. In a typical
embodiment, such parameters are obtained without user awareness. In
some embodiments, such parameters may be collected with user
awareness. In some embodiments, the device identifier and/or
parameters may be obtained without downloading anything to the
device (i.e., using a tag-free technique) or by downloading
something (e.g., a cookie or browser script) to the device.
Based on the rules and the plurality of parameters, uniqueness of
the device identifier may be determined. In some embodiments, the
uniqueness of the device identifier may be represented by a device
quality score or grade discussed herein. In other embodiments, the
uniqueness of the device identifier may be represented by any other
suitable representations. More details for determining the
uniqueness of a device identifier are discussed below in connection
with FIGS. 5-7.
In an embodiment, the process 400 includes determining 406 a
suitable action or measure to take based on the uniqueness of the
device identifier. Such action may be selected among a plurality of
actions based on a determined device quality score or quality grade
for the device identifier. For example, different action(s) may be
taken if the device identifier is more unique than if the device
identifier is less unique, or if the quality score or grade is
different. The action may include an active action such as the
retrieval, storage, processing, modification, transmission, or the
like, of one or more responses, messages, instructions, and the
like. In an embodiment, the action may include not doing something.
In some embodiments, determining the suitable action may include
comparing the device quality score or grade with a predefined
threshold value and selecting the suitable action based on the
result of the comparison. For example, if a device identifier is
determined to be more likely to be unique (e.g., having a quality
score or grade higher than a predefined threshold value), then a
more targeted advertisement may be provided. Conversely, if a
device identifier is determined to be less likely to be unique
(e.g., having a quality score or grade equal or less than the
predefined threshold value), then a less targeted advertisement may
be provided. Similarly, a more severe or drastic security or
anti-fraud measure (e.g., adding the device identifier to a
blacklist) may be taken if a device identifier is determined to be
more likely to be unique. On the other hand, a more moderate
security measure may be taken if a device identifier is determined
to be less likely to be unique.
In some embodiments, step 402 may be performed on a periodic basis
(e.g., daily, weekly, monthly). In some embodiments, steps 404 and
406 may be performed for each of a plurality of transactions in
real or nearly real time or in an asynchronous fashion (i.e., not
in real or nearly real time).
FIG. 5 illustrates an example process 500 for determining the
uniqueness of a device identifier, in accordance with an
embodiment. Aspects of the process 500 may be performed, for
example, by the evaluation engine discussed in connection with FIG.
2a or 2b.
In an embodiment, the process 500 includes obtaining 502 a set of
evaluation rules based on historical data. As discussed above, such
rules may be made available via a data file, data storage system,
web service, or any other suitable interface. In various
embodiments, the rules may be made available via the push or pull
technologies or a combination of both. In some embodiments, once
the set of rules are obtained, they can be used to evaluate the
uniqueness of one or more (e.g., hundreds or thousands of) device
identifiers. In some embodiments, the rules may be updated
occasionally (e.g., on a periodic basis).
In an embodiment, the process 500 includes obtaining 404 a
plurality of parameters associated with a device identifier. The
device identifier may be associated with a device, a group of
devices, a transaction, a user, an organization or any other
entity. The plurality of parameters may be obtained from the device
identifier itself, from the entity associated with the device
identifier, from log files, from real-time analysis of network
traffic, or from other channels using any suitable method.
Based on the rules and the plurality of parameters, the uniqueness
of the device identifier may be determined 506, for example, using
the process discussed below in connection with FIGS. 6-7.
FIG. 6 illustrates an example process 600 for determining the
uniqueness of a device identifier, in accordance with an
embodiment. Aspects of the process 600 may be performed, for
example, by the evaluation engine discussed in connection with FIG.
2a or 2b.
In an embodiment, the process 600 includes obtaining 602 a
plurality of parameters associated with a device identifier. In
some embodiments, step 602 may be similar to step 504 discussed in
connection with process 500 of FIG. 5.
In an embodiment, the process 600 includes selecting 604 applicable
rules based on the plurality of parameters. The selection may be
based on one, two or more of the plurality of parameters obtained
above. For example, different sets of rules may be applicable to
different sets of parameters. As another example, the applicable
set of rules may be dictated by a subset of the plurality of
parameters such as whether the device identifier is associated with
a desktop or a mobile device, the operating system or processor
architecture associated with the device identifier and the
like.
In an embodiment, the process 600 includes applying the selected
rules to determine 606 a plurality of weight values respectively
associated with at least some of the plurality of parameters. For
example, for each parameter value associated with a given
parameter, a value-weight map may be used to look up a
corresponding weight value. The value-weight map may be stored as a
lookup table or similar data structure in memory or in another data
storage medium. The value-weight map(s) may or may not be part of
the rules obtained in step 604. The weight values may be used to
obtain 608 a device quality score. In some embodiments, weight
values may be further weighted before being combined to derive the
device quality score. For example, the device quality score may
include a linear combination of the weighted weight values. The
formula or algorithm for combining the weight values may or may not
be part of the rules obtained in step 604. The quality score may be
represented by numeric value. The numeric value may fall within a
predetermined numerical range. In general, a higher quality score
indicates a higher likelihood that a device identifier is unique
and vice versa.
In some embodiments, the quality score may be used to derive 610 a
quality grade, such as grade A, B, C and so on. For example, a
quality score between 80 and 100 may be categorized as quality
grade A, a quality score between 60 and 80 may be categorized as
quality grade B, and so on. The quality grade may be represented by
numeric or non-numeric values. In some embodiments, the step 610 of
deriving a quality grade may be optional.
FIG. 7 illustrates an example process 700 for calculating a device
quality score, in accordance with an embodiment. The process 700
may be similar to the process 600 described above in connection
with FIG. 6.
The illustrated process may be used to calculate the quality score
associated with a transaction or network event 702 that is
identified by a device identifier (not shown). A plurality of
parameters may be associated with the network event, such as user
agent identifier 704, IP address 706, language code 708, and the
like. For each of the plurality of parameters, a weight value may
be obtained based on a corresponding value-weight map. For example,
the value-weight maps 716, 718, 720 may correspond respectively to
the parameters 704, 706 and 708. In some embodiments, the parameter
values may be transformed or otherwise used to obtain the parameter
value used to look up the value-weight map, for example, according
to parameter-specific usage rules 710, 712 and 714. For example,
the length of the character string of a user agent identifier is to
be calculated and used as the parameter value to look up the user
agent value-weight map 716, according to rule 710. For example, a
user agent identifier "UA_2.8.1" has a character length of 8 and a
weight value of 0.5 according to the user agent value-weight map
716. For IP addresses, no transformation may be necessary and the
original IP address may be used to look up the IP address
value-weight map 618, according to rule 712. For example, an IP
address "310.31.345" has an exact match in the IP address
value-weight map 718 with a weight value of 0.4. And for language
codes, the number of word count may be used to look up the language
value-weight map 720, according to rule 714. For example, a
language "Fr-fr" has a word count of 2 and a weight value of 0.02
according to the language value-weight map 720.
Once the weight values are obtained, they may be combined to derive
the device quality score, for example, according to a formula
and/or algorithm 722 to derive the final quality score 724. As
discussed above, the weight values may be further weighted (e.g.,
according to the relative significance of the parameters) before
they are combined. In some embodiments, the quality score may be
normalized, for example, using a coefficient. Any suitable methods
of normalization may be used to normalize the quality score.
In various embodiments, the usage rules, value-weight maps, formula
or algorithm discussed above may collectively comprise the
evaluation rules discussed herein. Such evaluation rules may be
derived once based on historical data and used repeatedly to
quickly calculate quality scores for many device identifiers. The
evaluation rules may be updated, for example, on a periodic basis,
as the historical data evolves.
FIG. 8 illustrates an example process 800 for determining the
uniqueness of a device identifier, in accordance with an
embodiment. Aspects of the process 800 may be performed, for
example, by the device identification system discussed in
connection with FIG. 2a or 2b.
In an embodiment, process 800 includes detecting 802 a network
event such as a browser event (e.g., clicking of a control,
scrolling, resizing, loading or closing of a web page, and the
like). Such detection may be implemented by a browser script (e.g.,
JavaScript).
In an embodiment, in response to the detected network event, a
plurality of parameters related to the device associated with the
network event is obtained 804. Based on some or all of the obtained
plurality of parameters, a device identifier and a device quality
grade may be determined 806. Such determination may be further
based on pre-calculated rules derived from historical data. The
rules may be embodied by the value-weight map/lookup table
discussed herein. Finally, the device identifier and the device
quality grade may be stored 808, such as in a data store 220
discussed in connection with FIG. 2b. In some embodiments, storage
808 step may be optional and the device identifier and device
quality grade may be used directly without being stored first.
In some embodiments, the present invention separates the
calculation of rules based on historical data from the use of the
rules to derive device identifier and/or device quality score or
grade associated with the device identifier. Such separation serves
to limit the access to the historical data alleviating concerns
with respect to the privacy of the historical data. The separation
also allows fast, real-time or nearly real time, and scalable
determination of device identifiers and/or device quality scores
and/or grades. Additionally, in some embodiments, the rules may be
stored at a central location, making it easy to maintain and update
the rules independently from the uses of the rules.
While preferred embodiments of the present invention have been
shown and described herein, it will be obvious to those skilled in
the art that such embodiments are provided by way of example only.
Numerous variations, changes, and substitutions will now occur to
those skilled in the art without departing from the invention. It
should be understood that various alternatives to the embodiments
of the invention described herein may be employed in practicing the
invention. It is intended that the following claims define the
scope of the invention and that methods and structures within the
scope of these claims and their equivalents be covered thereby.
* * * * *
References